Input and output

In zero-knowledge circuits, the information whose validity we are trying to prove is called the public input, and the secret information that may be known only to the prover is called the witness.

In the Zinc framework, the program's result becomes the public input. That means that whatever the main function returns should be known to the verifier. All other runtime values, including the arguments, make up the circuit's witness.

So when the verifier checks the program's result and the proof, it is safe to state that:

There is some set of arguments known to the prover which, when provided to the program, yields the same output.

The prover must provide the program's arguments to generate the result and the proof.

The verifier will use the proof to check that the result has been obtained by executing the program.

The following example illustrates a circuit proving knowledge of the preimage of some sha256 hash:

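use std::crypto::sha256;

// `preimage` is an argument, so it is part of the witness (known only to the prover).
// The returned hash is the program's result, so it becomes the public input.
fn main(preimage: [bool; 256]) -> [bool; 256] {
    sha256(preimage)
}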
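
The statement that a valid proof for the circuit above attests to, written out as a plain reference model. This is an added example, not code from the Zinc project, and it produces no proof: it only computes the relation main(witness) == public input. The helper names, the sample witness and the bit order (most significant bit first in each byte) are assumptions.

```python
import hashlib

def bytes_to_bits(data):
    # Assumption: most significant bit first within each byte.
    return [bool((byte >> (7 - i)) & 1) for byte in data for i in range(8)]

def bits_to_bytes(bits):
    if len(bits) % 8:
        raise ValueError("bit length must be a multiple of 8")
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | int(bit)
        out.append(byte)
    return bytes(out)

def circuit_main(preimage):
    """Model of main(): takes the witness, returns the public input."""
    if len(preimage) != 256:
        raise ValueError("preimage must be exactly 256 bits")
    digest = hashlib.sha256(bits_to_bytes(preimage)).digest()
    return bytes_to_bits(digest)

def relation_holds(public_output, witness):
    """True when the witness reproduces the output the verifier was given."""
    return circuit_main(witness) == public_output

# Constructed sample witness: the 32 bytes 0x00..0x1f. Only the prover holds it.
WITNESS = bytes_to_bits(bytes(range(32)))
# The program's result: the only value the verifier receives besides the proof.
PUBLIC_OUTPUT = circuit_main(WITNESS)

def demo():
    # Flip one witness bit: the arguments no longer yield the same output,
    # so no valid proof could exist for (PUBLIC_OUTPUT, tampered).
    tampered = list(WITNESS)
    tampered[0] = not tampered[0]
    return (relation_holds(PUBLIC_OUTPUT, WITNESS),
            relation_holds(PUBLIC_OUTPUT, tampered))

if __name__ == "__main__":
    print("public input (hex):", bits_to_bytes(PUBLIC_OUTPUT).hex())
    print("honest witness, tampered witness:", demo())
```

In the real system the verifier never evaluates relation_holds itself, since it does not have the witness; the proof is what convinces it that such a witness exists.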